Download
| Alert*
|
oval:org.secpod.oval:def:109562
The most popular and powerful open source messaging and Integration Patterns server. oval:org.secpod.oval:def:2001170 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. oval:org.secpod.oval:def:1901393 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. oval:org.secpod.oval:def:2001010 TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. oval:org.secpod.oval:def:602433 It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation oval:org.secpod.oval:def:602198 It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command. oval:org.secpod.oval:def:1900871 In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. oval:org.secpod.oval:def:1901769 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. |
